Overview of Auditing

Auditing is one of the major principles of the C2 security specification that Windows 2000 (like Windows NT before it) was designed to meet. The principles of the system are the following: users should uniquely identify themselves to the system (mandatory logon), every resource should have an owner who can regulate access to it (discretionary access control), and it should be possible to record what access has taken place (auditing).

Auditing on Windows 2000 is controlled through the security policy. The policy allows the administrator to enable the recording of success and/or failure events in a number of categories. These include attempts to log on to the system, attempts to access files and printers, and attempts to manage user accounts or change the system policy (see Figure 5.6.1).
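The following added example (not part of the original text) shows how the success/failure setting per category can be checked offline. It assumes the policy is available as a security template (.inf) file, where the [Event Audit] section stores each category as 0 (none), 1 (success), 2 (failure) or 3 (both); the sample template and the function names are constructed for illustration.

```python
import configparser

# Values used in the [Event Audit] section of a security template:
# 0 = no auditing, 1 = success, 2 = failure, 3 = both (bit flags).
SUCCESS, FAILURE = 1, 2

# Template keys for the categories named in the text above.
CATEGORIES = {
    "AuditLogonEvents": "logon attempts",
    "AuditObjectAccess": "file and printer access",
    "AuditAccountManage": "user account management",
    "AuditPolicyChange": "system policy changes",
}

# Constructed sample template, not taken from a real system.
SAMPLE_TEMPLATE = """\
[Event Audit]
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditAccountManage = 1
[Version]
signature="$CHICAGO$"
Revision=1
"""

def audit_settings(template_text):
    """Return {key: (success_enabled, failure_enabled)} for each category."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case exactly as written in the file
    parser.read_string(template_text)
    section = parser["Event Audit"] if parser.has_section("Event Audit") else {}
    result = {}
    for key in CATEGORIES:
        # Assumption: a key absent from the template is treated as not audited.
        value = int(section.get(key, "0"))
        result[key] = (bool(value & SUCCESS), bool(value & FAILURE))
    return result

def gaps(template_text):
    """List categories where success or failure events are not recorded."""
    missing = []
    for key, (ok, fail) in audit_settings(template_text).items():
        absent = [n for n, on in (("success", ok), ("failure", fail)) if not on]
        if absent:
            missing.append((CATEGORIES[key], absent))
    return missing

if __name__ == "__main__":
    for name, absent in gaps(SAMPLE_TEMPLATE):
        print(f"{name}: not recording {', '.join(absent)}")
```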